Oracle Releases Java Security Fix But Homeland Security Not Pleased

Despite a software pitch for Java software released Monday by Oracle (NASDAQ: ORCL), the No. 1 database developer, the Department of Homeland Security warned millions of computer users about a threat “in the wild.”

As a result, the department’s Computer Emergency Readiness Team advised PC users to “consider disabling Java in Web browsers, until adequate updates are available.”

Last week, the department warned of the vulnerability of Java, which Oracle acquired through its 2010 purchase of Sun Microsystems Inc., especially in the latest version 7 of the software. Oracle said it had released a new version, Update 11, to fix the problems.

Meanwhile, Microsoft (NASDAQ: MSFT), the world's biggest software company, said it had released a security advisory for its Internet Explorer browser versions 6, 7 and 8, which “could allow an attacker to execute arbitrary code if a user accesses a specially crafted website.”

The flaws are important because of the increasing use of websites for banking, financial orders and retail shopping, where credit card and bank account numbers are entered online. Hackers can buy packs that identify flaws, then hack into websites or entire retail networks to intercept those numbers.

The Cybersecurity task force also said that hackers can access ad networks that take consumers to these same sites or that post malware onto their devices.

Oracle said its latest patches address the latest flaws and set the security level on Java to “high” in a bid to alert users that malware could be downloaded onto their machines.

Shares of Oracle fell 33 cents to $34.62 in early Tuesday trading, while those of Microsoft rose 11 cents to $27.